Investigation into access of cricketer's medical files complete

Wednesday July 3, 2013

An investigation into clinical staff inappropriately accessing cricketer Jesse Ryder’s electronic files, while he was a patient at Christchurch Hospital in April this year, has been completed.

David Meates, CDHB chief executive, says it was extremely disappointing that the behaviour of some staff was found wanting when they looked at Jesse Ryder’s private medical record when they weren’t directly involved in his care.

“This incident is unacceptable and we have apologised unreservedly to Mr Ryder. It is, however, reassuring that our system of checks and balances has worked in bringing this to our attention,” Mr Meates says.

“I want to reassure the public that patient confidentiality is paramount to CDHB.

Patients should rightly expect their health information will be accessed only by staff involved in their care and treatment, or as part of a quality review process.”

The investigation involved an audit of all electronic patient information systems and was undertaken after Mr Ryder’s hospital stay. A total of seven privacy breaches (where staff looked at his file) were found. Three were CDHB employees, plus an additional staff member seconded from another organisation to CDHB, as well as one staff member from South Canterbury DHB and two staff members from West Coast DHB.

Mr Meates says any breach of patient confidentiality is taken very seriously and the three CDHB staff involved in this investigation have been subject to a disciplinary process. A separate process has been undertaken relating to the staff not employed by CDHB.

Mr Meates says Mr Ryder has been provided a copy of the report findings and is satisfied with action CDHB has taken.

“From a systems perspective, we are able to ensure access to patient information is traceable. Every time a record is accessed an electronic ‘footprint’ is left on a patient’s file,” Mr Meates says.

“That was how we were alerted to the inappropriate access to Mr Ryder’s electronic clinical information. It’s positive that the process works, but a huge disappointment that it had to.”

“That review may take place by a clinician not directly involved in a patient’s care and this ‘second opinion’ review is considered to be a process that provides a very safe way of delivering care, given it is essentially a clinical audit of the care being provided and it is important this practice is continued,” Mr Meates says.

Summary of the method and findings of the investigation:

An audit of all clinical systems was undertaken of access to the clinical information for Mr Ryder from day of admission to discharge.

A comparison of entries made in the clinical record (both paper and electronic) and the staff roster were cross-checked against those people who accessed the systems. Those identified with legitimate access were excluded from further analysis.

A summary was generated recording staff who had clearly legitimately accessed the various systems for this patient and staff for whom it was not clear whether they had a legitimate purpose for accessing Mr Ryder’s record.

Within the latter group, further explanation of the purpose for access was sought via interviews with each individual staff member.

Findings:

Overall, 85 CDHB staff members accessed Mr Ryder’s file

66 were deemed to have clear legitimate access with no further action required

17 did not have obvious reasons for access and an explanation was required

two staff were identified as having accessed records via another staff member’s log-on.

In total, 19 people were interviewed, with the following outcomes:

15 were found to have legitimate reasons to access the file

four did not have a legitimate reason to access the records.

It was found that the four staff who breached Mr Ryder’s privacy by looking at his electronic files did not pass on any of the information they viewed.

To note:

One breach of privacy by a South Canterbury DHB’s staff member was identified and this has been managed by SCDHB management and HR team

One breach of privacy by two West Coast DHB staff members were identified and these have been managed by WCDHB management and HR team.